Entire books could be (and have been) written about securing Windows 2000 Server, and rightly so; it's an important topic (and one that we devote considerable space to, including Chapters 18 and 19). We won't launch a big security discussion here, but some security precautions are necessary before considering your server "online." Here's what Microsoft recommends (for a detailed explanation of these suggestions, see http://www.microsoft.com/technet/security/tools/w2ksvrcl.asp, or refer to the appropriate sections of this book):
- Eliminate FAT (make sure all hard disk partitions are using NTFS).
- Rename the administrator account and create a strong password for it (and use a different password for each server).
- Set appropriate password policies and account lockout policies for your network.
- Disable unnecessary services, especially Internet Information Services. If not doing file or printer sharing, disable the Server service.
- Don't install unnecessary applications such as e-mail, Microsoft Office, or utilities.
- Disable unnecessary accounts.
- Check folder permissions.
- Disable the Guest account.
- Protect the registry from anonymous access.
- Apply appropriate registry access control lists (ACLs).
- Restrict access to the Local System Authority (LSA).
- Remove unnecessary file shares.
- Install antivirus software and the latest virus definition files.
- Install the latest service pack.
- Install security hot fixes as appropriate for your network.
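
An added example, not from the book or from Microsoft's checklist: a Python script that checks three of the items above (password and lockout policy, the Guest account, file shares) against saved output of `net accounts`, `net user Guest` and `net share`. The sample captures are constructed and abridged, and the 8-character minimum and the `field` and `audit` names are assumptions.

```python
import re

# Constructed, abridged captures of `net accounts`, `net user Guest`, `net share`.
NET_ACCOUNTS = """\
Minimum password length:                              0
Lockout threshold:                                    Never
"""
NET_USER_GUEST = """\
User name                    Guest
Account active               Yes
"""
NET_SHARE = """\
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINNT                        Remote Admin
Public       C:\\Public
The command completed successfully.
"""
# Assumed site policy; the checklist only says "appropriate".
MIN_PW_LEN = 8
DEFAULT_SHARES = {"IPC$", "ADMIN$"}  # drive-letter shares (C$) handled below


def field(text, label):
    """Return the value printed after `label` at the start of a line, or None."""
    m = re.search(r"^%s:?[ \t]+(.+?)[ \t]*$" % re.escape(label), text, re.M)
    return m.group(1) if m else None


def audit(accounts, guest, shares):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    pw_len = field(accounts, "Minimum password length")
    if pw_len is None or not pw_len.isdigit() or int(pw_len) < MIN_PW_LEN:
        findings.append("password length below policy: %s" % pw_len)
    if field(accounts, "Lockout threshold") in (None, "Never"):
        findings.append("no account lockout threshold")
    if field(guest, "Account active") != "No":
        findings.append("Guest account not disabled")
    rows = shares.splitlines()
    start = next((i for i, l in enumerate(rows) if l.startswith("---")), -1) + 1
    for line in rows[start:]:  # share rows follow the dashed rule
        name = line.split()[0] if line.strip() else ""
        builtin = name.endswith("$") and (name in DEFAULT_SHARES or len(name) == 2)
        if name and not builtin and not line.startswith("The command"):
            findings.append("review file share: %s" % name)
    return findings
```

Missing or unparseable output is reported as a finding rather than treated as a pass, so an empty capture file cannot hide a weak setting.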